IBM announced on Jan. 23 its intent to acquire privately-held Agile 3 Solutions in an effort to further improve IBM Security's risk management capabilities. Financial terms of the deal are not being publicly disclosed.
Agile 3 Solutions is an IT risk management vendor with several different products and services. Among Agile 3's products is a service called Business Exposure and Risk Management (BERM), which aims to help provide visibility into potential security risks that could impact a business. The Business Program Management and Compliance (BPMC) service from Agile 3 provides a management dashboard for organizations to track metrics that are aligned with compliance efforts. The Agile 3 Business GRC: iDNA is a platform that helps organizations to map potential threats against business assets.
Gregg Barrow, Partner, Global Competency Leader, Data and Application Security Services at IBM Security, explained that Agile 3 Solutions provides specific technology that is able to harvest information about risks and exposures to sensitive data across an organization. He noted that in addition to collecting and analyzing business risk information, the Agile 3 technology provides an intuitive, graphical user dashboard that is designed specifically for executive-level use.
"The Agile 3 dashboard provides Line of Business-level detail that helps executives understand what pieces of data are at risk, how significant the risk is, which Line of Business is responsible for the data, and more items," Barrow told eWEEK. "Agile 3's technology is able to collect its own business-level risk data and can also be fed data from data security and other products to collect, analyze and present a single business-level view of business risk to data."
While Agile 3 does provides capabilities that can fit into the Governance, Risk and Compliance (GRC) market, Barrow commented that Agile 3 does not directly compete with GRC tools. Rather he noted that Agile 3 is focused on providing a data security risk assessment of the enterprise data, how to remediate risk and communicate the risk posture to the business.
"Agile 3 Solutions integrates with IBM Security Guardium capabilities to remediate data security concerns," Barrow said.
In terms of where the Agile 3 technology will fit into the IBM Security product portfolio, Barrow said that it will augment the existing data security capabilities from IBM Security Guardium and IBM Data and Application Security Services. He noted that Agile 3 recently partnered with the Guardium team to engage with clients, and jointly perform proof of concepts.
"Agile 3 has the ability to apply its technology broadly across the IBM Security portfolio," Barrow said. "In the coming months, IBM Security will be exploring ways to further integrate Agile 3 technology and leverage it across areas of the portfolio."
IBM calls its approach to layering and embedding security across an organization, the 'security immune system.' The basic idea is that by layering security across the entire 'body' of an organization, technology can fight threats in a way similar to how antibodies fight disease. The Agile 3 technology is set to become another element in the growing IBM security immune system.
"By having a broad set of tightly integrated security capabilities woven throughout a company’s infrastructure, these systems can work together to proactive[ly] detect and combat various threats throughout the multiple stages of an attack's lifecycle," Barrow said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.